Embed Size (px)
Citation preview
Intan Muchtadi, Budi RahardjoMarisa Paryasto, Tomy Ardiansyah,
Sa’aadah Sajjana Carita
Faculty of Maths and Natural SciencesSchool of Electrical Engineering and Infomatics
Institut Teknologi Bandung (ITB), Indonesia
MOTIVATIONDevices with limited sources are easy to get wired /attacked
We need cryptography implementation on these kinds of devices
ECC is one of the solution, but ECC needs big computation
Elliptic curvey2 = x3 − x
y2 = x3 − ½x + ½
Elliptic curve over F23
161718192021222324
y2 = x3 + x + 1
0123456789
10111213141516
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Elliptic Curve Addition
P+Q
P
Q
Multiples in Elliptic Curves 1� The interest in Elliptic Curve Addition is the
process of adding a point to itself.
� That is given a point P find the point P+P or 2P.
� This is done by drawing a line tangent to P and reflecting the point at which it intercepts the curve
� P can be added to itself k times resulting in a point W = kP.
Multiples in Elliptic Curves 1
P+P = 2PP+P = 2P
P
Multiples in Elliptic Curves 2� Finding the value of 3P:
P+P = 2P
3P
P
Elliptic Curve Encryption� INPUT: Prime p, elliptic curve E, point P of order n,
private key d∈[1,n-1], plaintext m
� OUTPUT: Cipher text (C1,C2)
1. Compute Q=dP1. Compute Q=dP
2. Represent the message m as the point M in E(Fp)
3. Select k ∈[1,n-1]
4. Compute C1 = kP
5. Compute C2 = M + kQ
6. Return (C1,C2)
Elliptic Curve Decryption� INPUT : prime p, elliptic curve E, point P of order n,
private key d, ciphertext (C1,C2)
� OUTPUT: Plaintext m
1. Compute M = C2-dC1 and extract m from M1. Compute M = C2-dC1 and extract m from M
2.Return (m).
(M = C2-dC1= M+kQ –dkP= M + kdP – dkP)
Elliptic Curve Security� The security of the Elliptic Curve algorithm is based on
the fact that it is very difficult (as difficult as factoring) to solve the Elliptic Curve Discrete Logarithm Problem:Problem:
Given two points P and Q where Q = kP, find the value of k
POLLARD RHO
Let , with , and and such that in . We aims to find
The Algorithm 1. By using a hash function, we divide into 3 sets, with almost equal number of1. By using a hash function, we divide into 3 sets, with almost equal number of
elements, but 2. Define an iteration function :
(1)
Since if , then if is in , in some time and the values of theiteration functions will all be That is why we makethe assumption of .
Finite Field� Operations over the real numbers are slow and
inaccurate due to round-off error
� Need to be faster and accurate� Need to be faster and accurate
� Accurate and efficient :
� Prime field GF(p)
� Binary field GF(2m )
� Composite Field GF((2m)n)
COMPOSITE FIELD� Using composite field, we may divide the computation
into subfields from GF(2k) into GF((2n)m ) where k = nm.
1 2 3 4 5 6 7 8 9 … 299
1234…1
3
23
MULTIPLIER
� MULTIPLIER :
� Create/improve algorithms
� Design implementation
� LUT is used for multiplication in ground field GF(2^13) and Karatsuba Offman Algorithm for the extension field multiplication GF(2^13)^23
Multiplier for GF(2^13)
[Paryasto-Rahardjo-Muchtadi-Kuspriyanto2010]
MULTIPLIER GENERAL
ARCHITECTURE
[Paryasto-Rahardjo-Yuliawan-Muchtadi-Kuspriyanto2012]
ECC ARCHITECTURE WITH
COMPOSITE FIELD
[Paryasto-Rahardjo-Muchtadi-Kuspriyanto2011]
[Paryasto2012]
[Paryasto2012]
Result 1 [Muchtadi2012]� Speed up the Pollard Rho algorithm for elliptic curves
over composite fields, by using the multiplier that combines the LUT and KOA proposed in [Paryasto2012][Paryasto2012]
Elliptic Curves over GF(2n)Elliptic curve over GF(2n) is defined with Weierstrassequation, which after transformed by admissible change of variables, can be written as
� where O is the projective closure of the equation .
Modified Pollard RhoTo speed up Pollard Rho, the iterating function f is defined on the equivalence class rather than just one point in <P> .
The expected number of iterations for the modified Pollard Rho algorithm is
Experimental Results1 [Muchtadi-
Ardiansyah-Carita2013a]
Computation of Equivalence
classes
Equivalence class (contd)
Result with Frobenius
Result with Frobenius-Negation
Therefore by Frobenius-Negation map we just need one iteration
to get collision points.
Comparison
Experimental Result 3, using Random Walk
[Muchtadi-Ardiansyah-Carita2013c]
ComparisonMethod By experiment By formule
Ordinary 8 11
Negation 8 8
Frobenius 4 4
Frob-neg 1 3
Random Walk 6 11
Frob-Random Walk 1 4
Random Walk with new point
ComparisonMethod By experiment By formule
Ordinary 16 11
Negation 9 8
Frobenius Random Walk 5 4
Frob-neg Random Walk 4 3
Random Walk 22 11
Speeding the Squaring using
Normal Basis� A polynomial basis in GF(2n) is a basis of the form
{1,α, α2,…, αn-1}
� A normal basis in GF(2n) is a basis of the form {α, α2, …, α2^n-1}{α, α2, …, α2^n-1}
� In normal basis squaring is just a cyclic shift of the coordinates.
For example
� w = 10110101
� w^2 = 11011010
� w^4 = 01101101
Experimental Result 2 [Muchtadi-
Ardiansyah-Carita2013b]
The use of Frobenius, Negation
and Normal Basis
Comparison
Implementation- for longer bit
[Paryasto-Rahardjo2013]� Algorithm of squaring operation in polynomial basis
implemented using C programming language
Conclusion� By using Negation and Frobenius map simultaneously
we can find two collision points faster than ordinary Pollard Rho.
� Random Walk is not always speeding up the � Random Walk is not always speeding up the Algorithm, should be combined with Frobenius-Negation.
� Unfortunately Frobenius only works for Koblitz curves
� Koblitz curves could be considered “weak”.
� To speed up the squaring for Frobenius, we suggest the use of normal basis.
OUTPUT (1 proc intl conf, 3 jurnal intl, 1
draft jurnal nas)� [Muchtadi2012] I.Muchtadi-Alamsyah, Pollard Rho Algorithm for
Elliptic Curves over Composite Fields, Proceeding International Conference on Mathematics and Statistics 2012, PM 10.
� [Muchtadi-Ardiansyah-Carita2013a] I.Muchtadi-Alamsyah, � [Muchtadi-Ardiansyah-Carita2013a] I.Muchtadi-Alamsyah, T.Ardiansyah, S.S.Carita, Pollard Rho Algorithm for Elliptic Curves over GF(2n) with Negation and Frobenius Map, accepted in Adv Sciences Letters Vol 20 Issue 1, 2014.
� [Muchtadi-Ardiansyah-Carita2013b] ] I.Muchtadi-Alamsyah, T.Ardiansyah, S.S.Carita, Pollard Rho Algorithm for Elliptic Curves over GF(2n) with Negation Map, Frobenius Map and Normal Basis, submitted to Far East Journal of Mathematical Sciences.
OUTPUT
� [Muchtadi-Ardiansyah-Carita2013b] ] I.Muchtadi-Alamsyah, T.Ardiansyah, S.S.Carita, Pollard Rho Algorithm for Elliptic Curves over GF(2n) with Random Walk, for Elliptic Curves over GF(2 ) with Random Walk, Frobenius Map and Normal Basis, submitted to Journal of Software.
� [Paryasto-Rahardjo2013] M.Paryasto, B. Rahardjo, Implementation of Polynomial Basis Squaring, draft.
OUTPUT (Tugas Akhir)� M. Saputra, Algoritma Pollard Rho dan Modifikasinya
pada Kriptografi Kurva Eliptik, Tugas Akhir S1 Matematika ITB, 2012.
� T. Ardiansyah, Algoritma Pollard Rho pada Kurva � T. Ardiansyah, Algoritma Pollard Rho pada Kurva Eliptik atas Lapangan GF(2n) dengan Pemetaan Frobenius dan Negasi, Tugas Akhir S1 Matematika ITB, 2013.
� S.S.Carita, Algoritma Pollard Rho pada Kurva Eliptik atas Lapangan GF(2n) dengan Pemetaan Frobenius, Negasi dan Basis Normal, Tugas Akhir S1 Matematika ITB, 2013.
Presentation� ICT Asia Regional Meeting, STIC Asie, Bangkok 29-31
October 2012, paper title : Basis Conversion in Composite Field
� International Conference on Mathematics, Statistics and � International Conference on Mathematics, Statistics and Its Applications, Bali, 19-21 November 2012, paper title: Pollard Rho Algorithm for Elliptic Curves over Composite Fields
� International Conference on Internet Services Technology and Information Engineering, Bogor, 11-12 May 2013, paper title : Pollard Rho Algorithm for Elliptic Curves over GF(2n) with Negation and Frobenius Map.
ACKNOWLEDGEMENT� This research is funded by Asahi Glass Foundation
Grant based on Surat Perjanjian Pelaksanaan Penelitian Nomor : 2004a/I1.C01/PL/2012.
REFERENCES� [Muchtadi2012] I.Muchtadi-Alamsyah, Pollard Rho Algorithm for
Elliptic Curves over Composite Fields, Proceeding International Conference on Mathematics and Statistics 2012, PM 10.
� [Muchtadi-Ardiansyah-Carita2013a] I.Muchtadi-Alamsyah, � [Muchtadi-Ardiansyah-Carita2013a] I.Muchtadi-Alamsyah, T.Ardiansyah, S.S.Carita, Pollard Rho Algorithm for Elliptic Curves over GF(2n) with Negation and Frobenius Map, accepted in Adv Sciences Letters Vol 20 Issue 1, 2014.
� [Muchtadi-Ardiansyah-Carita2013b] ] I.Muchtadi-Alamsyah, T.Ardiansyah, S.S.Carita, Pollard Rho Algorithm for Elliptic Curves over GF(2n) with Negation Map, Frobenius Map and Normal Basis, submitted to Far East Journal of Mathematical Sciences.
References� [Muchtadi-Ardiansyah-Carita2013b] ] I.Muchtadi-Alamsyah, T.Ardiansyah,
S.S.Carita, Pollard Rho Algorithm for Elliptic Curves over GF(2n) with Random Walk, Frobenius Map and Normal Basis, submitted to Journal of Software.
� [Paryasto2012] M.W. Paryasto, Arsitektur Unit Pengali Composite Field � [Paryasto2012] M.W. Paryasto, Arsitektur Unit Pengali Composite Field Kombinasi MH-KOA untuk Elliptic Curve Cryptography, Disertasi Doktor ITB, 2012.
� [Paryasto-Rahardjo2013] M.Paryasto, B. Rahardjo, Implementation of Polynomial Basis Squaring, draft.
� [Paryasto-Rahardjo-Muchtadi-Kuspriyanto2010] M. W.Paryasto, B.Rahardjo, I. Muchtadi-Alamsyah, Kuspriyanto, Rancangan Unit Aritmetika Finite Field Berbasis Composite Field, Prosiding MUNAS Aptikom 2010, pp. 98-102
REFERENCES� [Paryasto-Rahardjo-Muchtadi-Kuspriyanto2011] M. W.Paryasto,
B.Rahardjo, I. Muchtadi-Alamsyah and Kuspriyanto, Implementasi Composite Field pada Elliptic Curve Cryptography, Jurnal Ilmiah Ilmu Komputer Vol.7 No.2 Maret 2011
� [Paryasto-Rahardjo-Yuliawan-Muchtadi-Kuspriyanto2012] M. W. Paryasto, B.Rahardjo, F. Yuliawan, I.Muchtadi-Alamsyah and Kuspriyanto, Composite Field Multiplier Based on Look-up Table for Elliptic Curve Cryptography Implementation, ITB Journal of Information and Communication Technology Vol 6 no 1 (2012) 63-81
� THANK YOU VERY MUCH FOR YOUR ATTENTION
